The Trend Micro Hosted Email Security (HES) product was successfully implemented on Thursday, 19th July 2018 around 10am. The issues with the implementation were discussed in the previous update and a full lessons-learned exercise has been conducted the inform future deployments.
The solution has been operational for 26 days without any known service interruptions. In the period of 19th July 2018 10am to 14th August 2018 10am, the system scanned 292,818 (+179,784) email messages for 529 (+11) email addresses. Out of these 206,357 (+129,726) messages were blocked due to malicious content and 86,443 (50,040) messages were delivered:
- 31,483 clean messages
- 22,644 bulk newsletters (graymail)
- 7,999 potential spam
- 12,560 failed domain-based authentication
- 11,384 low URL (web) reputation
- 63 potential business email compromise attempts (delivered with additional email header tag)
- 89 potential malware (cleaned malware and delivered with additional email header tag)
- 19 potential phishing
- 23 potential advanced persistent threats (cleaned threat and delivered with additional email header tag)
- 179 other potential threats
OxCERT is not aware of any email security related support requests to the IT Services Service Desks. There were no reported issues from the Nexus team and Nexus365 project team.
Next steps
- Modify the email gateway filter policy to add a text (stamp) to the message body of messages that
- are cleaned from potential malware (e.g. the removal of a malicious attachment),
- have an attachment removed due to file name extension blacklisting, or
- are identified as potential business email compromises (BEC).
- Schedule a survey with IT Services staff to obtain feedback on the pilot.
- Plan the implemenation of Trend Micro Cloud Application Security for the Information Security Team and IT Services.
- Prepare the extension of the pilot of Hosted Email Security to four additional email domains covering a wide range of departments and potentially a college.